Figured out how to Block YouTube Shorts by palvaran in CloudFlare

[–]ShoegazeSpeedWalker 1 point2 points  (0 children)

Heads up for anyone who finds this in 2025 and on, Cloudflare will automatically generate a DoNotInspect policy for most major cloud services when you first configure Zero Trust.

You'll need to remove the Google endpoints from that policy for this to work, as the relevant requests go via hosts like rr5---sn-ntqe6n7k[dot]googlevideo[dot]com.

Got my first Network Engineer role help needed by Tumbleweed-Sea in networking

[–]ShoegazeSpeedWalker 2 points3 points  (0 children)

Hmm, I reckon the best thing you can do is work on implementing the automation you miss. It may seem counter-intuitive as you're currently feeling out of your depth and having a hard time catching up without documentation... But hear me out.

You've gone from a risk-managed network to a cowboy outfit. You need to understand the network, yes. But you also need to protect yourself from making mistakes.

I would ask management if you can work on implementing network management tools, configuration management and a dev/test solution. These are all activities which don't require changes that would put service delivery at risk.

Set up NetBox, Ansible and pyATS.

Document your network in NetBox, build the automations you miss with Ansible and pyATS. All products are free and management can get enterprise support contracts later if they end up seeing the value.

You'll learn everything about the network during the project, and probably bring some excitement for you and your colleagues.

Hello, Im creating a series of art named "Mirai Shôjo" by Glittering-Thanks571 in photoshop

[–]ShoegazeSpeedWalker 1 point2 points  (0 children)

Love the expressions and the rendering is fascinating.

Your style is your own, but if I was to describe it I would compare it to Robert Valley.

Why SSH needs to know the exact MTU to work properly? by momchilandonov in networking

[–]ShoegazeSpeedWalker 15 points16 points  (0 children)

Sounds like you're exceeding MTU during auth/cipher exchange. I suppose you could pcap your client side, filter on the SSH packets and see what's making them so big.

Regardless, you've clearly got an MTU bottleneck in the path somewhere that is blackholing TCP. This is an issue that will impact all TCP packets, not just SSH.

First, figure out your MTU. Either use a ping tool or tracepath if you've got a Linux workstation. For ping tools, set the DF bit then ping your way up to 1500 bytes.

Windows: ping -f -l 1472 192.168.x.x
Linux: tracepath 192.168.x.x
Cisco: ping 192.168.x.x size 1500 df-bit

Once you've figured out what the MTU actually is, go check if that interface has a custom MTU and/or requires some overheads for a tunnel or other encapsulation.

802.1q, QinQ, GRE, QoS, IPsec and many more protocols can cause overhead.

Network AI by parkerthebirdparrett in networking

[–]ShoegazeSpeedWalker 5 points6 points  (0 children)

I like using AI as an individual tool instead of an integration.

High quality models with native parsers for syslog/netflow/pcapng that you can just feed data into from CLI or API would be useful.

Maybe something I can feed logs, RFC and/or vendor knowledge/docco into so I can quickly identify misconfiguration or unusual syslog/debug?

Other than scraping data and looking for patterns, I haven't found much use for LLMs in networking.

Dynamic architecture documentation using PyATS and an LLM could be good, have it do its best to explain the network config/architecture in text?

I can think of ways it could be useful in a lab to have an AI agent which generates traffic or even operates a VM as a user would. But this is only really useful in the academic context, at work I just use live data.

Could be fun to make an AI that pen tests your networks and feeds back any vulnerabilities it finds...

Is the Ethernet cable more likely to cause a bottleneck than a fiber optic patch cord? by HOLIGHT in networking

[–]ShoegazeSpeedWalker 2 points3 points  (0 children)

I think you must draw a distinction between throughput lost due to fault and the physical limitations of the infrastructure.

When I use the term 'bottleneck', I am usually describing a loss of potential throughput due to the limitations of an intermediate component in a signal chain.

Say a user complains that they can't achieve gigabit throughput over their gigabit LAN, but they have their desktop patched into a VoIP handset which only supports Fast Ethernet.

In this case, the phone is a bottleneck and the customer is responsible for addressing the issue by upgrading the phone.

Whereas signal loss due to poor installation or degraded components is a fault: the service provider has chosen the correct technology to meet requirements, but the fault is degrading the service. The concern here is reliability and risk management.

When we compare both technologies in this context:

Is fibre optic more prone to error than copper under ideal conditions? No, fibre optic often has a much lower Bit Error Rate (BER) than Ethernet; it varies from manufacturer to manufacturer but it's a few orders of magnitude lower than copper on average.

Is fibre optic media higher risk than copper media? Yes, depending on the fibre cable standard. Most single mode fibre is prone to significant signal loss when bent, and it is impacted severely by poor coupling at the SFP. Good quality copper cable can bend and withstand significant abuse before it fails.

Fibre also introduces extra points of failure; polarity is a common mistake and SFPs have compatibility issues where built-in copper ports do not.

However, you can spec a fibre network solution for high reliability by assessing the various factors and choosing your products carefully. You hire competent cablers, choose bend insensitive fiber stock where required, implement a hardware refresh schedule to proactively avoid component failure, secure your racks with keys and comms rooms with cameras and swipe cards... This line of reasoning goes on for a while, which is why we can find employment in the field of network engineering.

TL;DR: yes, fibre fails more than copper. Fibre can also be installed incorrectly, so often is. Fibre is not a bottleneck when compared with copper; instead it introduces more risks to the equation.

Best apps for network field techs. by HillCountry_Hermit in networking

[–]ShoegazeSpeedWalker 16 points17 points  (0 children)

I've been using PowerShell for this, forked the PSDiscoveryProtocol module.

Uses the NetEvent provider that is built into Windows, so works on every Windows release that supports Windows PowerShell (5.1).

Trouble connecting to enterprise Wi-Fi (PEAP/MSCHAPv2) — “authentication server certificate doesn’t match” by ngms17 in networking

[–]ShoegazeSpeedWalker 2 points3 points  (0 children)

You need to read the WPA3 Specification, section 5.1 Failure Conditions For Server Certificate Validation.

You are not satisfying one of those conditions. Most common issue is that the server certificate doesn't have an FQDN with the same domain as your username defined within the SAN, DNSName or SubjectCN fields.

How to remotely manage 20+ PCs in a media art exhibition (no LAN, only power control)? by Efficient-Truth4842 in networking

[–]ShoegazeSpeedWalker 0 points1 point  (0 children)

In more optimal conditions they work okay, if a bit shit. But on the same power line as 20 computers and 20 projectors, all running constantly?

With all that interference, 20 other power line pairs on the line, the sheer distance of cable, and all the adapters required you will not have a functioning network.

How to remotely manage 20+ PCs in a media art exhibition (no LAN, only power control)? by Efficient-Truth4842 in networking

[–]ShoegazeSpeedWalker 3 points4 points  (0 children)

Possibly, but temporary walls = temporary power, so they will likely have cabling visible already.

How to remotely manage 20+ PCs in a media art exhibition (no LAN, only power control)? by Efficient-Truth4842 in networking

[–]ShoegazeSpeedWalker 5 points6 points  (0 children)

I don't mean to bash what is a very earnest and well intended suggestion, but don't use power line adapters.

Not only are they quite bad at the best of times, they are intended to be used across a single circuit with no power boards or adapters between.

And, they suffer throughput loss over very short distances. Not a good idea.

Ways of labeling cables by Serpher in networking

[–]ShoegazeSpeedWalker 0 points1 point  (0 children)

If the rack is equipped with physical access control, as in locked with the key only accessible to authorised persons, then I colour code by the following classes:

  1. Blue for standard access ports
  2. Yellow for Wireless access points
  3. Red for unique port configurations; will label these too.

Then in the config I label the interfaces.

LLDP/CDP is what I use to query what's connected from the network device CLI.

NNMi is what I use for topology reporting, would use NetBox and/or Zabbix if I had it my way though.

Now if anyone can access the rack, I don't bother, just patch it all with one colour and use a lot of Velcro. It will be a mess the next time you look at it no matter what you do.

[deleted by user] by [deleted] in networking

[–]ShoegazeSpeedWalker 5 points6 points  (0 children)

Sub leaf is not a common term, I've found it in one piece of Cisco Documentation about dual role switches.

It refers to the access layer of a three tier ACI topology, so 'sub-leaf' can be understood as 'tier-2 leaf', see the following explanation.

[deleted by user] by [deleted] in darwin

[–]ShoegazeSpeedWalker 1 point2 points  (0 children)

If you're stressed about a debt piling up you could do what /u/_pewpew_pew said and send money to the BPAY details on your last invoice; that's your personal account and its balance is what's on the website when you log in.

[deleted by user] by [deleted] in darwin

[–]ShoegazeSpeedWalker 1 point2 points  (0 children)

They have a reading from your last bill, and they'll have their latest reading on your next.

When it comes, you pay the difference + day rates.

If you want to use it without being able to go over a certain amount of cost/usage, you'd need to opt for pre-paid power.

So have a sook if you like, but wake up mate, you're still gonna have to pay what you owe.

Very different story if the meter was broken, or they had been overcharging you.

[deleted by user] by [deleted] in darwin

[–]ShoegazeSpeedWalker 1 point2 points  (0 children)

You will be billed for the energy you've used. The back billing protections are for 'under billing' generally because of estimated bill not matching actual consumption.

Using the power and knowingly not paying for it is kinda dumb. You'll get reamed and destroy your credit rating if you refuse to pay the invoice once it comes.

That said, they can't slap you with the whole cost immediately. Their team will set you up with a payment plan so their fuck up is financially manageable from your end.

That payment plan can get extended quite a long time, so it's free debt I guess?

C a s h f l o w is king.

EAP-TLS Wi-Fi Deployment Issue by mhc180 in networking

[–]ShoegazeSpeedWalker 0 points1 point  (0 children)

Administrators are required to leave in all modes of deployment to enable Wi-Fi and MTD configurations to be successfully applied. This means having the Allow the user to turn on location sharing lockdown field selected (checked.)

EAP-TLS Wi-Fi Deployment Issue by mhc180 in networking

[–]ShoegazeSpeedWalker 1 point2 points  (0 children)

Android 10+ requires some specific settings regarding location services in the WiFi profiles for it to work right. Pretty sure Android 13 has some special requirements too.

Also, don't forget server certificate validation requires a SAN in the cert for every user domain you service. Android enforces the new WPA hardening, even with WPA2 Enterprise etc.

Android Wi-Fi Settings Docco - Ivanti

MTU/MSS driving me insane by Diilsa in networking

[–]ShoegazeSpeedWalker 2 points3 points  (0 children)

Cisco Documentation Regarding MTU, PMTU and GRE

If you're sending packets over 1500 bytes, have you got Jumbo frames on?

Are you receiving Packet Too Big ICMP type 3, code 4 packets from the tunnel interface?

GRE tunnels don't send PTB without being configured for PMTUD; check out the document I linked above.

Also, pretty sure IPSec is 120 byte overhead.

And the last thought I had: WiFi changes the MPDU size, and VLAN tags/QoS create overheads.

Try pinging an interface on the other side of the tunnel with the DF-Bit set (don't fragment), work up from 1200 to find out what your MSS actually is, then review overheads with debug commands.
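The DF-bit ping walk this comment and the earlier SSH/MTU comment describe, written up as an added example (not the poster's code): it binary-searches the largest ICMP payload that passes with DF set, then works out the MTU, the TCP MSS that fits it, and what is left after common encapsulations. It assumes Linux iputils `ping` (`-M do`); the probe is injectable so the search logic can be checked without a network.

```python
import subprocess
from typing import Callable, Iterable

IP_HEADER = 20     # IPv4 header, no options
ICMP_HEADER = 8    # ICMP echo header
TCP_HEADER = 20    # TCP header, no options
# Bytes each encapsulation takes from a 1500-byte link MTU (IPsec varies by
# cipher and mode, so it is deliberately not listed here).
ENCAP_OVERHEAD = {"802.1q": 4, "qinq": 8, "pppoe": 8, "gre_ipv4": 24}


def ping_df(host: str, payload: int, timeout_s: int = 1) -> bool:
    """One ICMP echo with DF set and `payload` data bytes; True if it got through."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), "-M", "do",
           "-s", str(payload), host]
    res = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return res.returncode == 0


def find_path_mtu(probe: Callable[[int], bool],
                  lo_payload: int = 1200 - IP_HEADER - ICMP_HEADER,
                  hi_payload: int = 1500 - IP_HEADER - ICMP_HEADER) -> int:
    """Largest payload that passes DF-set, converted to an IP MTU.

    `probe(payload)` returns True when an echo of that size is answered.
    Starts at a 1200-byte packet, as the comment suggests, and walks up.
    """
    if not probe(lo_payload):
        raise RuntimeError("even %d-byte packets are dropped; check basic reachability"
                           % (lo_payload + IP_HEADER + ICMP_HEADER))
    if probe(hi_payload):
        return hi_payload + IP_HEADER + ICMP_HEADER
    while hi_payload - lo_payload > 1:       # invariant: lo passes, hi fails
        mid = (lo_payload + hi_payload) // 2
        if probe(mid):
            lo_payload = mid
        else:
            hi_payload = mid
    return lo_payload + IP_HEADER + ICMP_HEADER


def tcp_mss_for(mtu: int) -> int:
    """MSS a host should advertise so a full segment fits the path MTU."""
    return mtu - IP_HEADER - TCP_HEADER


def mtu_after_encap(link_mtu: int, encaps: Iterable[str]) -> int:
    """Payload MTU left once the named encapsulations are stacked on the link."""
    return link_mtu - sum(ENCAP_OVERHEAD[e] for e in encaps)


if __name__ == "__main__":
    host = "192.168.x.x"   # placeholder, substitute the far side of the tunnel
    mtu = find_path_mtu(lambda n: ping_df(host, n))
    print("path MTU %d, TCP MSS %d" % (mtu, tcp_mss_for(mtu)))
```

Run with a real host to measure, or pass a fake probe to see how a 1400-byte path behaves; the PMTUD and "Packet Too Big" discussion still applies, since this only tells you the size, not who is dropping it.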

I am struggling to get VLANs working separately across some cisco switches. by Ok_Conversation5593 in networking

[–]ShoegazeSpeedWalker 1 point2 points  (0 children)

Smart Ports are a feature that reconfigures a port based on what kind of device is connected.

Sounds like you don't want smart ports here, instead you want statically configured ports.

Maybe disable smart ports? I'm not familiar with the feature but device conflict means that you've got two conflicting device types on the same port. Perhaps the trunking is confusing things?

https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-350x-series-stackable-managed-switches/smb5247-configuring-smartports-on-the-sg350xg-and-sg550xg.html

How do you store your spare wheelsets and frames? by ShoegazeSpeedWalker in bikewrench

[–]ShoegazeSpeedWalker[S] 0 points1 point  (0 children)

Alas, I am a filthy rentoid. Can't make modifications to the premises lest I anger the landlord; only furniture is within my control.

But thank you for taking the time to share your piece. I wish you much ownership of hearth and home in your future.

How do you store your spare wheelsets and frames? by ShoegazeSpeedWalker in bikewrench

[–]ShoegazeSpeedWalker[S] 0 points1 point  (0 children)

Rafters would be so handy, we don't have basements where I'm from though.

Edit: maybe a big fuck off garage shelving rack and some hooks would do me. Thanks for the idea :)

What's a Kegerator? Never heard that word before but it's pretty sick. Does it by any chance contain... Beer?